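def login():
    """Handle the login form: check the verification code, then the credentials.

    Reads ``username``, ``password`` and ``vcode`` from the submitted form.

    :return: ``'vcode-error'`` when the code differs from the one held in the
        session, ``'login-fail'`` on bad credentials, otherwise a
        ``'login-pass'`` response that also sets 30-day ``username`` and
        ``password`` cookies.
    """
    import hmac  # local import: the file's import block is not visible from here

    user = Users()
    # A missing form field is treated as empty instead of failing on None.strip().
    username = (request.form.get('username') or '').strip()
    password = (request.form.get('password') or '').strip()
    vcode = (request.form.get('vcode') or '').lower().strip()

    # Check the verification code before touching the credentials.
    # NOTE(review): the code stays in the session after a failed attempt, so a
    # single solved code covers any number of password guesses. Consider
    # invalidating it on every attempt once the client is confirmed to fetch a
    # fresh one after a failure.
    if vcode != session.get('vcode'):
        return 'vcode-error'

    # NOTE(review): unsalted MD5 is not a password hash; it is kept here only
    # because the stored values are compared against it. Moving to a salted,
    # slow KDF needs a migration plan (e.g. rehash on next successful login).
    password = hashlib.md5(password.encode()).hexdigest()
    result = user.find_by_username(username)
    stored = result[0].password if len(result) == 1 else None

    # Constant-time comparison; a missing or non-string stored value never matches.
    if not isinstance(stored, str) or not hmac.compare_digest(
            stored.encode(), password.encode()):
        return 'login-fail'

    account = result[0]
    session['islogin'] = '******'
    session['userid'] = account.userid
    session['username'] = username
    session['nickname'] = account.nickname
    session['role'] = account.role
    Credit().insert_detail(type='Normal login', target='0', credit=1)
    user.update_credit(1)

    thirty_days = 30 * 24 * 3600
    response = make_response('login-pass')
    response.set_cookie('username', username, max_age=thirty_days)
    # NOTE(review): this cookie carries the password digest for 30 days. If any
    # code path accepts it for automatic login, the digest is equivalent to the
    # password itself; a random, server-side revocable token is the safer
    # design. httponly at least keeps page scripts from reading it.
    response.set_cookie('password', password, max_age=thirty_days, httponly=True)
    return response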
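def changedata():
    """Update the logged-in user's nickname and username from the submitted form.

    :return: ``"error"`` when the session holds no user id or when the requested
        username already belongs to a different account; ``'reg-pass'`` after
        the change has been passed to ``Users.update_data``.
    """
    user = Users()

    # The account to modify comes from the session only; without a user id
    # there is nothing that may be updated.
    userid = session.get("userid")
    if userid is None:
        return "error"

    # A missing form field is treated as empty instead of failing on None.strip().
    username = (request.form.get('username') or '').strip()
    nickname = (request.form.get('nickname') or '').strip()

    # find_by_username is used as a list-returning lookup by the other handlers
    # in this file, so "no such user" is an empty list, not None. Testing
    # truthiness covers both and avoids indexing into an empty result.
    existing = user.find_by_username(username)
    if existing and existing[0].userid != userid:
        return "error"

    # NOTE(review): the new username is not checked against the e-mail pattern
    # that register() enforces, and may be empty - confirm whether that is
    # intended.
    user.update_data(userid, nickname, username)
    return 'reg-pass'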
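def login():
    """Serve the login page on GET and authenticate a JSON login request on POST.

    The POST body is a JSON object with ``username`` and ``password``.

    :return: the rendered ``login.html`` for GET; for POST a JSON reply with a
        ``code`` (20000 on success, 40001-40003 on failure), a ``message`` and,
        on success, the ``token`` produced by ``create_token``.
    """
    import hmac  # local import: the file's import block is not visible from here

    user = Users()
    if request.method == 'GET':
        return render_template('login.html')
    if request.method != 'POST':
        # Unchanged from the original: other verbs produce no response here, so
        # the route is expected to restrict its methods to GET and POST.
        return None

    lookup_failed = {'code': 40001, 'message': '查询用户信息失败'}

    # A body that is not a JSON object gets the existing failure reply instead
    # of an unhandled exception; no new response code is introduced.
    try:
        data = json.loads(request.get_data(as_text=True))
    except ValueError:
        return jsonify(lookup_failed)
    if not isinstance(data, dict):
        return jsonify(lookup_failed)

    username = data.get('username')
    password = data.get('password')

    # One lookup instead of two. An unknown username ends up here as well
    # (indexing an empty result).
    # NOTE(review): an unknown user yields 40001 while a wrong password yields
    # 40003, so the reply reveals whether an account exists. Consider returning
    # the same reply for both.
    try:
        account = user.find_by_username(username)[0]
        name = account.username
        pwd = account.password
    except Exception:
        return jsonify(lookup_failed)

    # Previously this reply was only sent when the passwords happened to match;
    # otherwise the view fell through and returned nothing.
    if name is None:
        return jsonify({'code': 40002, 'message': '用户名不能为空'})

    # NOTE(review): the submitted password is compared directly with the stored
    # value, so the store holds either plaintext or a digest the client has to
    # send. In both cases the stored value itself works as the credential;
    # confirm, and prefer salted hashing done on the server.
    # Both sides must be strings: a request without a password must never match
    # an account whose stored password is NULL (None == None was accepted
    # before). The comparison itself is constant-time.
    credentials_ok = (
        isinstance(password, str)
        and isinstance(pwd, str)
        and hmac.compare_digest(password.encode(), pwd.encode())
    )
    if not credentials_ok:
        return jsonify({'code': 40003, 'message': '用户名或密码错误'})

    # Hand the user name to the token generator and return the token it produces.
    token = create_token(name)
    return jsonify({'code': 20000, 'message': '登录成功', 'token': token})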
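def verify_token(token):
    """
    Verify a token and resolve it to a user.
    :param token: the serialized token presented by the client
    :return: the matching user record, or None when the token is rejected,
             carries no name, or names a user that no longer exists
    """
    # Signing key; it has to stay identical to the key used by the function
    # that creates the tokens.
    # NOTE(review): the key is a short literal committed with the code, so a
    # token signature proves nothing to anyone who can read the source. Load it
    # from configuration or a secret store, and change it in the token-creating
    # function (not visible here) at the same time.
    SECRET_KEY = 'abcdefghijklmm'
    s = Serializer(SECRET_KEY)
    try:
        # Deserialize the payload; a failure here means the token is not accepted.
        data = s.loads(token)
    except Exception:
        return None

    # Only a mapping payload with a name can identify a user.
    name = data.get('name') if isinstance(data, dict) else None
    if name is None:
        return None

    # Look the user up in the database. The lookup goes through an instance, as
    # the request handlers in this file do, and an empty result (for example a
    # deleted account) yields None as the docstring promises instead of an
    # IndexError.
    matches = Users().find_by_username(name)
    if not matches:
        return None
    return matches[0]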
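def register():
    """Register a new account from the submitted form and log the user in.

    Reads ``username`` (an e-mail address), ``password`` and ``ecode`` from the
    form.

    :return: ``'ecode-error'`` when the code differs from the one held in the
        session, ``'up-invalid'`` when the username does not look like an
        e-mail address or the password is shorter than 5 characters,
        ``'user-repeated'`` when the username is taken, ``'reg-pass'`` on
        success.
    """
    user = Users()
    # A missing form field is treated as empty instead of failing on None.strip().
    username = (request.form.get('username') or '').strip()
    password = (request.form.get('password') or '').strip()
    ecode = (request.form.get('ecode') or '').strip()

    # The debugging print of the submitted and expected codes was removed: it
    # wrote a live verification secret to stdout, and from there into logs.
    # NOTE(review): nothing visible here ties the code to the address it was
    # sent to, so a code issued for one address could confirm a registration
    # for another - verify that the sender side stores the address and compare
    # it with `username`.
    if ecode != session.get('ecode'):
        return 'ecode-error'

    # Raw string: '\.' in a plain literal is an invalid escape sequence.
    if not re.match(r'.+@.+\..+', username) or len(password) < 5:
        return 'up-invalid'

    if len(user.find_by_username(username)) > 0:
        return 'user-repeated'

    # NOTE(review): unsalted MD5 is not a password hash; it is kept because the
    # login path compares against the same digest. Moving to a salted, slow KDF
    # has to be done in both places together.
    password = hashlib.md5(password.encode()).hexdigest()
    result = user.do_register(username, password)

    # The code has served its purpose; drop it so it cannot confirm a second
    # registration from the same session.
    session.pop('ecode', None)

    session['userid'] = result.userid
    session['username'] = username
    session['nickname'] = result.nickname
    session['role'] = result.role
    Credit().insert_detail(type='User registration', target='0', credit=50)
    return 'reg-pass'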